[SmartcardServices-Users] [Fed-Talk] Lion - CAC and other Smart Cards

[Bob Colbert]

Shawn,

I believe that the Cyberflex Acess 64k V2C Card (ORC-issued ECA Smart Card) is a Java-type card if this means anything.  I believe the technical details are the following:

memory 64KB EEPROM for applets and data
Java Card Standard
Global Platform
ISO 2.1.1 (API, JCRE, JVM)
2.0.1
7816 (1,2,3), 7813, 7810
cryptographic algorithms RSA 1024, 2048
DES, 3DES (CBC EBC)
SHA-1 hashing
API for AES128
cryptographic features Global PIN Support
Global Platform (mandadet) DAP
Mutual Authentication through Global Platform Secure Channel
evaluated FIPS 140-2 Level 3

Im not sure if this means anything to you or if the upcoming Tokends from the MacOSForge site will support these.  Support of this card is important for DoD contractors that use the DISA-desiginated External Certificate Authority - http://iase.disa.mil/pki/eca/  ORC is one of the approved vendors for this program - http://eca.orc.com/

If not, I doubt Pkard would help either.

Bob Colbert
DE Technologies, Inc.
118 Sleepy Hollow Drive
Suite 1
Middletown, DE 19709
302-285-0354
302-285-0357 fax
colbert at detk.net

From: Shawn Geddis <geddis at apple.com<mailto:geddis at apple.com>>
Date: Wed, 20 Jul 2011 13:49:57 -0400
To: Bob Colbert <colbert at detk.net<mailto:colbert at detk.net>>
Cc: "fed-talk at lists.apple.com<mailto:fed-talk at lists.apple.com>" <fed-talk at lists.apple.com<mailto:fed-talk at lists.apple.com>>
Subject: Re: [Fed-Talk] Lion - CAC and other Smart Cards

On Jul 20, 2011, at 11:23 AM, Bob Colbert wrote:
Now the Lion has been released, can those of you that posted some additional information to the Developer Forums (because of the NDA) provide some of the info that is probably pertinent to those of us watching this list?  Perhaps the most critical for those watching this list, is the purported non-support of CAC cards in Lion.  The militarycac.com<http://militarycac.com> website is reporting that Pkard is the only option for CAC support for Lion.  I swear I thought that Shawn Geddis has implied that the new CAC cards would be supported in Lion because the tokend was updated but not yet published to the Sourceforge site.  Seems like a big disconnect.  Maybe CAC support was pulled at the last minute?

My ;articular interest is also in the support of the ECA-type of certificates for us contractor-folk.  Currently Pkard does not support these cards.  Although Im pretty sure that someone from Thursby follows this list.  Can you support some of these cards? My ORC-issued ECA Smart Card is reported as a Gemalto Cyberflex Access 64k V2C.

Bob Colbert
DE Technologies, Inc.

Bob,

With respect to OS X Lion, please see my previous message.

With respect to your "Gemalto Cyberflex Access 64k V2C".  What Applet is loaded on the card ? On OS X, it is not actually the card per se that determines support or not, but rather what applet is loaded.  OS X requires a Tokend for each Applet/Profile and if that is not recognized then OS X is unable to use the card.  You would need to acquire a Tokend (open source or commercial) to support whatever applet is loaded on your Smart Card.

- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20110727/7d79d19e/attachment.html>